General
Target: 46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118
Size: 215KB
Sample: 240714-w136yavbrh
MD5: 46fc9c3f0b2cb404b5d2f55e76886763
SHA1: 55dad8f50b2b17271623bb3f3923c1e963a26d91
SHA256: 5c05c7b7bace103ed8af779d5f383ca53eb5ce84fa9430ed2c95b8050915c23d
SHA512: 2a116940b6882654ac5d2c33e0a00078a96673c7b53883f1e9887835153ad11e28439d27ac535a3fb9ab2e395c7ada081744e2455601b47c1164a72395906d12
SSDEEP: 3072:FzAKb/OW+OTwgkNZ0UMKRovRrHTyxL/zZy9TNz+E4Gm4Rq13bnPoMbLwAyS8c/je:Fv/OW+OT6f+rHTyxJFE4GmJ/D+Oqz0Cz
Static task: static1
Behavioral task: behavioral1
Sample: 46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118.exe
Resource: win7-20240708-en
Behavioral task: behavioral2
Sample: 46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118.exe
Resource: win10v2004-20240709-en
Malware Config
Extracted
sality
http://89.119.67.154/testo5/
http://kukutrustnet777.info/home.gif
http://kukutrustnet888.info/home.gif
http://kukutrustnet987.info/home.gif
Targets
Target
46fc9c3f0b2cb404b5d2f55e76886763_JaffaCakes118
Disables RegEdit via registry modification
Disables Task Manager via registry modification
Modifies Windows Firewall
Deletes itself
Executes dropped EXE
MITRE ATT&CK Enterprise v15
Persistence
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1
Privilege Escalation
Abuse Elevation Control Mechanism: 1
Bypass User Account Control: 1
Create or Modify System Process: 1
Windows Service: 1
Event Triggered Execution: 1
Netsh Helper DLL: 1